Feel free to correct me if I'm wrong, but I feel like I want to set up an SSL web server in such a way that only the web server itself can sign web pages.
But it looks to me as if the closest I can come at present is for the factotum behind /srv/factotum to contain the RSA key tagged with "owner=none", which I think means that anybody who is "none", not just the one web server process and its descendants, can sign things. I notice in httpd.c that some things are opened before becomenone()... would it make sense to somehow latch onto a "private" factotum at this point and then use it after becomenone()?

Dave Eckhardt
